tomcat-users mailing list archives

Mirek.Subrt@intax.cz writes:
> Can you tell me, why session.invalidate() and session.putValue() methods
> work only with Tomcat 3.1 and not with Tomcat 3.2 beta 3?
> [...]
> session.invalidate();
> session = request.getSession (true);
> beanX=new Vector();
> session.putValue("beanX", beanX);
The behaviour you were relying on in 3.1 was that if the current
HttpSession was not valid, then a calling "request.getSession(true)"
would create a new session.
The documentation I have to hand (servlet23_PublicDraft1) has:
public HttpSession getSession(boolean create)
Returns the current HttpSession associated with this request or, if if
there is no current session and create is true, returns a new session.
If create is false and the request has no valid HttpSession, this
method returns null.
It would seem in Tomcat 3.2 once the session is associated with a request,
it remains associated, even though it is no longer valid. This doesn't
actually conflict with the first paragraph.
However, there might be a bug in 3.2 (looking at the old copy of the
code I have) in that the following code would not return null, but will
return an invalid session, which conflicts with the second paragraph.
session.invalidate()
session = request.getSession(false);
Try reporting the behaviour you are seeing as a bug, and see if it
a) either gets fixed, or b) it is confirmed as being part of the
specification.
You could avoid this problem entirely by re-using the session object, but
manually clearing all elements.
Enumeration names = session.getAttributeNames();
while ( names.hasMoreElements() )
{
session.removeValue( (String) names.nextElement() );
}
--
`O O' | Nick.Holloway@pyrites.org.uk
// ^ \\ | http://www.pyrites.org.uk/